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DETAILED ACTION 



Claims 1-48 have been examined. 



Claim Rejections - 35 USC § 102 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 



3. Claim 1 is rejected under 35 U.S.C. 102(e) as being clearly anticipated by Jain et al. U.S. 
Pat. No. 6047325 (hereinafter Jain). 

4. As per claim 1, Jain discloses a system comprising: a set of filters (Jain: column 2 lines 8- 
18); a mapping of virtual addresses to network addresses (Jain: column 1 line 65 - column 2 line 
67); and a controller, coupled to the set of filters and the mapping, to, access, upon receipt of a 
data packet requested to be sent from a computing device to a target device via a network (Jain: 
column 1 line 65 - column 2 line 67), the set of filters and determine whether the data packet can 
be sent to the target device based on whether the computing device is allowed to communicate 
with the target device (Jain: column 1 line 65 - column 2 line 67), replace, based on the 
mapping, the target address in the data packet with a corresponding target network address (Jain: 
column 1 line 65 - column 2 line 67); and forward the data packet to the target device at the 
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target network address if it is determined the data packet can be sent to the target device (Jain: 
column 1 line 65 - column 2 line 67). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 2 and 3 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Audebert U.S. Pat. No. 6694436 (hereinafter Audebert). 

7. As per claim 2, Jain discloses a system as recited in claim 1 . Jain does not explicitly 
disclose wherein the controller is fiirther to prevent the computing device from modifying any of 
the filters in the set of filters. However, Audebert discloses prevent unauthorized modification to 
the filter program (Audebert: column 6 lines 46-61 and column 12 lines 5-16). It would have 
been obvious to one having ordinary skill in the art to prevent modification to the packet filters 
in a filter program. Therefore, it would have been obvious to one having ordinary skill in the art 
to combine the teachings of Audebert within the system of Jain because it increases the security 
of packet filter by preventing modification to the program to bypass the filters. 
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8. As per claim 3, Jain discloses a system as recited in claim 1 . Jain does not explicitly 
disclose wherein the computing device includes the system. However, Audebert discloses that 
limitation (Audebert: column 6 lines 46-61 and column 12 lines 5-16). 

9. Claims 4, 39, 44, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jain in view of Boden et al. U.S. Pat. No. 6717949 (hereinafter Boden). 

10. As per claim 4, 39, 44, and 45. Jain discloses a system as recited in claim 1. Jain does not 
explicitly disclose wherein the controller is to make the computing device aware of the virtual 
addresses in the mapping but to hide the network addresses in the mapping from the computing 
device. However, Boden discloses that limitation (Boden: column 1 line 26 - column 2 line 9). 
Using address translation and hide address to increase network security is well known in the art. 
Therefore, it would have been obvious to one having ordinary skill in the art to combine the 
teachings of Boden within the system of Jain. 

1 1 . Claims 5,6, 28-32, 34-36, 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Jain in view of Coss et al. U.S. Pat. No. 6141749 (hereinafter Coss) and fiirther in view of 
Dennis et al. U.S. Pat. No. 6466932 (hereinafter Dennis) or fiirther in view of Epstein, III et al. 
U.S. Pat. No. 6684335 (hereinafter Epstein). 

12. As per claim 5, Jain discloses a system as recited in claim 1. Jain does not explicitly 
disclose wherein the controller is fiirther to allow the set of filters to be modified by a plurahty of 
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remote devices operating at a plurality of different managerial levels. However, Coss discloses 
remote proxy or administrator loads filters (Coss: column 9 lines 7-18). It would have been 
obvious to one having ordinary skill in the art to combine the teachings of Coss within the 
system of Jain because it is well known in the art. 

Jain as modified does not explicitly disclose plurality of remote devices operating at plurality of 
different managerial level. However, Dennis discloses that limitation (Dennis: abstract and 
column 9 lines 52-67). It would have been obvious to one having ordinary skill in the art to 
combine the teachings of Dennis within the combination of Jain-Coss because it increases 
security by using administrator at different layers. Altematively, Epstein discloses that limitation 
as well (Epstein: column 1 line 23 - column 2 line 50 and column 16 lines 27-41). It would have 
been obvious to one having ordinary skill in the art to combine the teachings of Epstein within 
the combination of Jain-Coss because it increases security and prevents internal security breach 
by using multiple administrators. 

13. As per claim 6, 28, 34, 35, and 36, Jain as modified discloses a system as recited in 5. 
Jain as modified further discloses the system comprising allowing the set of filters to be modified 
by a lower managerial level remote device only if the modifications are not less restrictive than 
modifications imposed by a higher managerial level remote device (Dennis: abstract and column 
9 lines 52-67; Epstein: column 1 line 23 - column 2 line 50 and column 16 lines 27-41). 

14. As per claim 29, Jain as modified discloses a method as recited in claim 28. Jain as 
modified further discloses wherein the preventing comprises: receiving a request from the lower 
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managerial level device to modify the set of filters (Dennis: abstract and column 9 lines 52-67; 
Epstein: column 1 line 23 - colunm 2 line 50 and column 16 lines 27-41); determining whether 
the requested modification would result in, a violation of a filter previously added to the set of 
filters by the higher managerial device (Dennis: abstract and column 9 lines 52-67; Epstein: 
column 1 line 23 - column 2 line 50 and column 16 lines 27-41); and performing the requested 
modification if the requested modification would not result in a violation, and otherwise not 
performing the requested modification (Dennis: abstract and column 9 lines 52-67; Epstein: 
column 1 line 23 - column 2 line 50 and column 16 lines 27-41). 

15. As per claim 30 and 37, Jain as modified discloses a method as recited in claims 29 and 
35 respectively. Jain as modified further discloses wherein the requested modification comprises 
one or more of: adding a filter to the set of fihers, modifying a filter in the set of filters, and 
deleting a filter fi"om the set of filters (Coss: column 2 lines 30-43). 

16. As per claim 31, Jain as modified discloses a method as recited in claim 28, wherein the 
violation occurs if the modification would result in a filter being less restrictive that the filter 
added by the higher managerial level device (Dennis: abstract and column 9 lines 52-67). 

17. As per claim 32 and 38, Jain as modified discloses a method as recited in claims 28 and 
35 respectively. Jain as modified further comprising preventing the computing device fi'om 
modifying the set of filters. (Audebert: column 6 lines 46-61 and column 12 lines 5-16). 
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18. Claims 7, 9, 19, 20, and 21-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Jain in view of Coss and further in view of Audebert. 

19. As per claim 7, 19, and 20, Jain discloses maintaining, at a computing device, a set of 
filters that restrict the ability of the computing device to communicate with other computing 
devices (Jain: column 1 line 65 - column 2 line 67). Jain does not exphcitly disclose allowing the 
set of filters to be modified fi'om a remote device and preventing the computing device fi^om 
modifying the set of filters. However, Coss discloses that limitation (Coss: colimin 9 lines 7-18). 
It would have been obvious to one having ordinary skill in the art to combine the teachings of 
Coss within the system of Jain because it is well known in the art. 

Jain as modified does not exphcitly disclose preventing the computing device from modifying 
the set of filters. However, Audebert discloses that preventing vmauthorized modification to filter 
software (Audebert: column 6 lines 46-61 and column 12 lines 5-16). It would have been 
obvious to one having ordinary skill in the art to prevent modification to the packet filters in a 
filter program. Therefore, it would have been obvious to one having ordinary skill in the art to 
combine the teachings of Audebert within the combination of Jain-Coss because it increases the 
security of packet filter by preventing modification to the program to bypass the filters. 

20. As per claim 9 and 22, Jain as modified discloses a method as recited in claims 7 and 20 
respectively. Jain as modified further discloses wherein modification of the set of filters includes 
one or more of: adding a new filter to the set of filters, deleting a filter from the set of filters, and 
changing one or more parameters of a filter in the set of filters (Coss: column 2 lines 30-43). 
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21. As per claim 2 1 , Jain as modified discloses a network mediator as recited in claim 20. 
wherein the controller is further to access, upon receipt of another data packet fi-om another 
target device via the network, the set of filters and determine whether the data packet can be 
received at the computing device based on whether the computing device is allowed to receive 
communications fi*om the other target device (Jain: column 1 line 65 - column 2 line 67). 

22. As per claim 23 and 24, Jain as modified discloses a network mediator as recited in claim 
20, wherein the network mediator is coupled to the computing device (Audebert: column 6 lines 
46-61 and column 12 lines 5-16). 

23. Claims 8 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Coss and further in view of Audebert and fiirther in view of Boden et al. U.S. Pat. No. 
6266707 (hereinafter Boden2). 

24. As per claim 8, Jain as modified discloses a method as recited in claim 7. Jain as 
modified does not explicitly discloses wherein restriction of the ability of the computing device 
to communicate with other computing devices comprises restricting the computing device fi-om 
transmitting data packets to one or more other computing devices. However, Boden2 discloses 
that limitation (Boden: column 1 lines 32-42). It is well known in the art to filter packets for 
incoming and outgoing packets. Therefore, it would have been obvious to one having ordinary 
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skill in the art to combine the teachings of Boden2 within the combination of Jain-Coss- 
Audebert. 

25. As per claim 17, Jain as modified discloses a method as recited in claim 7. Jain as 
modified does not explicitly disclose wherein each filter includes a plurality of filter parameters, 
and wherein each of the plurality of filter parameters can include wildcard values. However, 
Boden2 discloses that hmitation (Boden2: column 7 line 66 - column 8 line 22). It would have 
been obvious to one having ordinary skill in the art to combine the teachings of Boden2 within 
the combination of Jain-Coss-Audebert because packet filters are set by administrators based on 
different needs and requirements. 

26. Claims 10-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in view 
of Coss and further in view of Audebert and further in view of Mayes et al. U.S. Pat. No. 
6510154 (hereinafter Mayes). 

27. As per claim 10, Jain as modified discloses a method as recited in claim 7. Jain as 
modified does not explicitly disclose wherein one or more filters in the set of filters restrict one 
or more of the transmission of data packets of a particular type from the computing device and 
reception of data packets of a particular type at the computing device. However, Mayes discloses 
that limitation (Mayes: abstract and column 1 line 9 and column 2 line 32). It is well knovm in 
the art to filter packets based on their type. Therefore, it would have been obvious to one having 
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ordinary skill in the art to combine the teachings of Mayes within the combination of Jain-Coss- 
Audebert. 

28. As per claim 11, Jain as modified discloses a method as recited in claim 7. Jain as 
modified further discloses wherein one or more filters in the set of filters restrict one or more of 
the transmission of Internet Protocol (IP) data packets from the computing device and reception 
of IP data packets at the computing device based on one or more of: a source address, a 
destination IP address, a source port, a destination port, and a protocol (Jain: column 2 lines 8-18 
and abstract). 

29. As per claim 12, Jain discloses a method as recited in claim 7, Jain further discloses 
wherein one or more filters in the set of filters identifies that a data packet targeting a particular 
address can be transmitted from the computing device to the addressed device, and further 
identifies a new address that the particular address from the data packet is to be changed to prior 
to being communicated to the addressed device (Jain: column 1 line 65 - column 2 line 18). 

30. As per claim 13, Jain discloses a method as recited in claim 7. Jain as modified discloses 
wherein one of the filters in the set of filters is a permissive filter that indicates a data packet can 
be passed to its targeted destination device if the data packet parameters match corresponding 
parameters of the filter (Coss: column 1 lines 20-24). 
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31 . As per claim 14, Jain as modified discloses a method as recited in claim 7. Jain as 
modified fiirther discloses wherein one of the filters in the set of filters is an exclusionary filter 
that indicates a data packet cannot be passed to its targeted destination device if the data packet 
parameters match corresponding parameters of the filter (Coss: column 1 lines 20-24). 

32. Claims 15 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Coss and fiirther in view of Audebert and fiirther in view of Dennis or fiirther in view of 
Epstein. 

33. As per claim 1 5, Jain as modified discloses a method as recited in claim 7. Jain as 
modified fiirther discloses allowing comprises allowing the set of filters to be modified by a 
remote devices (Coss: colunm 9 lines 7-18). Jain as modified does not explicitly disclose 
plurality of remote computing devices operating at a plurality of different managerial levels. 
However, Dennis discloses that limitation (Dennis: abstract and column 9 lines 52-67). It would 
have been obvious to one having ordinary skill in the art to combine the teachings of Dennis 
within the combination of Jain-Coss- Audebert because it increases security by using 
administrator at different layers. Altematively, Epstein discloses that limitation as well (Epstein: 
column 1 line 23 - colunm 2 line 50 and column 16 lines 27-41). It would have been obvious to 
one having ordinary skill in the art to combine the teachings of Epstein within the combination of 
Jain-Coss-Audebert because it increases security and prevents internal security breach by using 
multiple administrators. 
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34. As per claim 16, Jain as modified discloses a method as recited in 15. Jain as modified 
fiirther discloses comprising allowing the set of filters to be modified by a lower managerial 
level remote device only if the modifications are not less restrictive than modifications imposed 
by a higher managerial level remote device (Dennis: abstract and colunm 9 lines 52-67; Epstein: 
column 1 line 23 - column 2 line 50 and column 16 lines 27-41). 

35. Claims 18 and 25-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain 
in view of Coss and fiirther in view of Audebert and fiirther in view of Chopra et al. U.S. Pat. 
No. 6510509 (hereinafter Chopra). 

36. As per claim 18 and 25, Jain as modified discloses a method as recited in claims 7 and 20 
respectively. Jain as modified does not explicitly disclose wherein the set of fihers restrict the 
ability of the computing device to communicate with other computing devices on a per-data 
packet basis, wherein each filter includes a plurality of filter parameters, and wherein each filter 
parameter includes a filter value and a mask value indicating which portions of the filter value 
must match a corresponding parameter in a data packet for the data packet to satisfy the filter. 
However, Chopra discloses that limitation (Chopra: column 4 lines 25-56). It is well known in 
the art to filter packets according to mask values. Therefore, it would have been obvious to one 
having ordinary skill in the art to combine the teachings of Chopra within the combination of 
Jain-Coss-Audebert. 
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37. As per claim 26 and 27, Jain as modified discloses a network mediator as recited in claim 
25. Jain as modified further discloses wherein the controller is to allow/prevent the data packet to 
be forwarded to the target device if the data packet satisfies the filter (Jain: column 1 line 65 - 
colunm 2 line 18 and abstract; Coss: column 1 lines 20-24). 

38. Claim 33 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in view of 
Coss and further in view of Audebert and further in view of Dennis or Epstein and further in 
view of Chopra. 

39. As per claim 33, Jain as modified discloses a method as recited in claim 28. Jain as 
modified does not explicitly disclose wherein the set of filters restrict the abiHty of the 
computing device to communicate with other computing devices on a per-data packet basis, 
wherein each filter includes a plurality of filter parameters, and wherein each filter parameter 
includes a filter value and a mask value indicating which portions of the filter value must match 
a corresponding parameter in a data packet for the data packet to satisfy the filter. However, 
Chopra discloses that limitation (Chopra: column 4 lines 25-56). It is well known in the art to 
filter packets according to mask values. Therefore, it would have been obvious to one having 
ordinary skill in the art to combine the teachings of Chopra within the combination of Jain-Coss- 
Audebert-Dennis-Epstein. 

40. Claims 40 and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Boden and further in view of Taylor et al. U.S. Pat. No. 6728885 (hereinafter Taylor). 
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41 . As per claim 40 and 41 , Jain as modified discloses a method as recited in claim 39. Jain 
as modified discloses address translation, which is well known in the art. Jain as modified does 
not explicitly disclose wherein the replacing comprises performing the replacing transparent to 
the computing device. However, Taylor discloses that limitation (Taylor: column 2 line 47 - 
colunrn 3 line 9). It is well known in the art to address translation, which is transparent. 
Therefore, it would have been obvious to one having ordinary skill in the art to combine the 
teachings of Taylor within the combination of Jain-Boden because it increase network security 
by prohibiting external network to view the actual address of a target device. 

42. Claims 42 and 48 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Boden and fiirther in view of Coss and further in view of Audebert. 

43. As per claim 42 and 48, Jain as modified discloses a method as recited in claims 39 and 
45 respectively. Jain as modified fiirther discloses maintaining, at the computing device, a set of 
filters that fiirther restrict the ability of the computing device to communicate with other 
computing devices (Jain: column 2 lines 8-18). 

Jain as modified does not explicitly disclose allowing the set of filters to be modified from a 
remote device and preventing the computing device from modifying the set of filters. However, 
Coss discloses that limitation (Coss: column 9 lines 7-18). It would have been obvious to one 
having ordinary skill in the art to combine the teachings of Coss within the combination of Jain- 
Boden because it is well known in the art. 
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Jain as modified does not explicitly disclose preventing the computing device from modifying 
the set of filters. However, Audebert discloses that preventing unauthorized modification to filter 
software (Audebert: column 6 lines 46-61 and column 12 lines 5-16). It would have been 
obvious to one having ordinary skill in the art to prevent modification to the packet filters in a 
filter program. Therefore, it would have been obvious to one having ordinary skill in the art to 
combine the teachings of Audebert within the combination of Jain-Boden-Coss because it 
increases the security of packet filter by preventing modification to the program to bypass the 
filters. 

44. Claim 43 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in view 
Boden and further in view of Coss and further in view of Dennis or Epstein. 

45. As per claim 43, Jain as modified discloses a method as recited in claim 39. Jain as 
modified further comprising: maintaining a set of filters that restrict the ability of the computing 
device to communicate with other computing devices (Jain: column 2 lines 8-18). Jain as 
modified does not explicitly disclose allowing multiple remote computing devices, each 
corresponding to a preventing a lower managerial level device from modifying the set of filters 
in a manner that would result in a violation of a filter added by a higher managerial level device. 
However, Coss discloses remote proxy or administrator loads filters (Coss: column 9 lines 7-18). 
It would have been obvious to one having ordinary skill in the art to combine the teachings of 
Coss within the combinafion of Jain-Boden because it is well known in the art. 
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Jain as modified does not explicitly disclose plurality of remote devices operating at plurality of 
different managerial level However, Dennis discloses that limitation (Dennis: abstract and 
column 9 lines 52-67). It would have been obvious to one having ordinary skill in the art to 
combine the teachings of Dennis within the combination of Jain-Boden-Coss because it increases 
security by using administrator at different layers. Alternatively, Epstein discloses that limitation 
as well (Epstein: column 1 line 23 - column 2 line 50 and column 16 lines 27-41). It would have 
been obvious to one having ordinary skill in the art to combine the teachings of Epstein within 
the combination of Jain-Boden-Coss because it increases security and prevents internal security 
breach by using multiple administrators. 

46. Claims 46 and 47 are rejected under 35 U.S.C. 103(a) as being unpatentable over Jain in 
view of Boden and further in view of Audebert. 

47. As per claim 46 and 47, Jain as modified discloses a network mediator as recited in claim 
45. Jain as modified does not expUcitly discloses wherein the network mediator is 
communicatively coupled to the computing device. However, Audebert discloses that limitation 
(Audebert: column 6 lines 46-61 and column 12 lines 5-16). It would have been obvious to one 
having ordinary skill in the art to combine the teachings of Audebert within the combination of 
Jain-Boden because it is well known in the art to provide local filter software to prevent local 
computers fi"om receiving malicious packets. 
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Conclusion 



48. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

* Please note that most of the reference cited above discloses network address translation within 
firewall/packet filter thus discloses essential limitations defined by conventional packet 
filter/firewall. 

Falck et al. U.S. Pat. No. 6360265 discloses network address translation within packet 
filtering device. 

Bal et al. U.S. Pat. No. 6691168 discloses method and apparatus for high-speed network 
rule processing. 

Albert et al. U.S. Pat. No. discloses sending instructions fi"om a service manager to 
forwarding agents on a need to know basis. 

Johnson U.S. Pat. No. 6366578 discloses proxy server (column 7 line 48 - colunrn 8 line 
15) and remote management system including multiple level of administrator (column 44 line 64 
- colimin 45 line 38) 

Any inquiry concerning this communication or earlier communications fi'om the 
examiner should be directed to Shin-Hon Chen whose telephone number is (703) 305-8654. The 
examiner can normally be reached on Monday through Friday 8:00am to 4:30pm. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Art Unit: 2131 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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